• DocumentCode
    709453
  • Title

    Data forensic techniques using Benford's law and Zipf's law for keystroke dynamics

  • Author

    Iorliam, Aamo ; Ho, Anthony T. S. ; Poh, Norman ; Tirunagari, Santosh ; Bours, Patrick

  • Author_Institution
    Dept. of Comput., Univ. of Surrey, Guildford, UK
  • fYear
    2015
  • fDate
    3-4 March 2015
  • Firstpage
    1
  • Lastpage
    6
  • Abstract
    The selection and application of biometric traits for authentication and identification have recently attracted a significant amount of research interest. In this paper we investigate the use of keystroke data to distinguish between humans using keystroke biometric systems and non-humans for auditing applications. Recently, Benford's Law and Zipf's Law, which are both discrete power law probability distributions, have been effectively used to detect fraud and discriminate between genuine data and fake/tampered data. As such, our motivation is to apply Benford's Law and Zipf's Law to keystroke data, to determine whether the data follow these laws, and to discriminate between humans using keystroke biometric systems and non-humans. From the results, we observe that the latency values of the keystroke data from humans actually follow Benford's law and Zipf's law, but the duration values do not. This implies that latency values from humans would follow the two laws, whereas latency values from non-humans would deviate from Benford's law and Zipf's law. Even though the duration values from humans deviate from Benford's law, they do follow a pattern for which we can develop an accurate model. We perform experiments using the benchmark data set developed by Killourhy and Maxion, CMU [1] and obtain divergences of 0.0008, 0.029 and 0.05 for the keyup-keydown (latency), keydown-keydown, and duration of the keystroke data, respectively. Moreover, P-values of 0.7770, 0.6230 and 0.0160 are obtained for the keyup-keydown (latency), keydown-keydown, and duration of the keystroke data, respectively. We observe that the latency (which is the time elapsed between release of the first key and pressing down of the next key) is one of the most important features used by administrators for auditing purposes to detect anomalies when their employees log into their company system.
  • Keywords
    biometrics (access control); digital forensics; fraud; statistical distributions; Benford's law; Zipf's law; anomaly detection; auditing application; biometrics traits; data forensic techniques; discrete power law probability distributions; fraud detection; keydown-keydown; keystroke biometric systems; keystroke dynamics; keyup-keydown; Companies; Data models; Databases; Mathematical model; Monitoring; Polynomials; Standards; Benford's law; Keystroke Dynamics; Zipf's law
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Biometrics and Forensics (IWBF), 2015 International Workshop on
  • Conference_Location
    Gjovik
  • Type

    conf

  • DOI
    10.1109/IWBF.2015.7110238
  • Filename
    7110238